CIDR notation: how 28 is bigger than 29

[CIDR calculator: https://stencia.com/cidr]

By Will Braynen

Illustration by Donna Blumenfeld

Calculator

CIDR is pronounced \ˈsī-dər\, \ˈsi-dər\ or \ˈsē-dər\.  This calculator is for calculating Internet Protocol version 4 (IPv4) address spaces using Classless Inter-Domain Routing (CIDR) notation.  Type in an IP address with a netmask to calculate the size of the address space and to generate blog text to match.  For example, type in "128.168.0.0/28".



Notations: The good, the bad, and how I learn them

Notations are helpful shortcuts, but can trip you up if you are new to one.  Put in usability terms, for power users, shortcuts make things simpler and much much faster.  But to novice users, notation can be off-putting and an obstacle to the concepts behind and beyond it.  CIDR, pronounced by some like the tree and by others like the drink, is no exception.  It is notation—shorthand—for addressing machines on a network, so that they can talk to one another.  IP addresses are like phone numbers: without one, you, as a networked device, cannot call or receive calls, making address spaces pretty important.

When I come across new notation I wish to learn, I proceed in three steps.  Step 1: I first memorize at least one salient sample usage.  In the case of CIDR, for example, I recommend memorizing "/32" (explained below).  Step 2: I then play around with the notation to see if I can get an intuitive feel for how it works.  For this, I made a CIDR calculator (which you can play with above).  Step 3: Only after the first two steps do I fully engage with an analytic explanation (given below).  Then iterate.

For Step 1, "/32" is the netmask to remember.  It is the biggest possible netmask for 32-bit IP addresses (which IPv4 addresses are) and corresponds to the smallest possible network: just one machine.  It uniquely identifies one host.  For example, "152.234.0.0/32" identifies the host with the IP address 152.234.0.0.

 

What it's for and its format

If you use Amazon Web Services (AWS), especially for Virtual Private Clouds (VPCs), or if you are doing networking in general, for backends or not, sooner or later you come across CIDR notation.  It has to do with IP addresses and looks like this: "152.234.0.0/29".

In other words, it's {IP address}/{n}, where the IP address is an IPv4 address and n is the number of leading bits that define the network.  And so, for a 32-bit address, n can at most be 32.  In fact, 8 ≤ n ≤ 32.  If you look at the CIDR calculator at the top of the page, you'll see that it's calculating 32-bit addresses, made up of 8-bit chunks.  All IPv4 addresses are 32 bits in length.

When I first encountered CIDR notation, it tripped me up.  For one thing, the smaller the number (that is, the "/n" netmask), the bigger the network!

 

What it's not

If you don't know anything about CIDR notation, when you first see something like "152.234.0.0/28", you might think that the first address in the network this notation identifies is "152.234.0.0" and the network has 28 IP addresses, like so: 152.234.0.0, 152.234.0.1, 152.234.0.2, and so on.  Or at least I did when I first saw it.  But, turns out, that's not what it means, and for good reason.

It is true that the network in this example has the sequence of IP addresses above, but it's not true that it has 28 of them.  Instead, "/28" means that the subnet has only sixteen IP addresses.  Because 32-28=4 and 2⁴=16.  If that was a little too quick, let me elaborate.

 

Binary arithmetic

An IPv4 address is a 32-bit address.  "/28" means that the first 28 bits of the IP address are used to identify the network (e.g. a subnet).  This leaves us with four bits for addressing computers on that network.  (32-28=4.)  Bits are binary, so base two.  Given base two, having four bits means having 2⁴ IP addresses for machines on that network.  2⁴=16.  (2×2×2×2=16.)  So, sixteen machines, at least if each machine is to get its own address (assigning the same address to two machines would make it a little difficult to route network traffic to them reliably).

Specific to AWS. Amazon Web Services (AWS) reserves five IP addresses whenever you create a VPC. So if you create a VPC with sixteen IP addresses, then this really means having only eleven computers on that VPC. Because 16-5=11.

Making the netmask number higher would just get us closer to "/32", and we know that that is only one IP address, so a very tiny network.  So to create a bigger network, we would have to lower the netmask.  For example, a network defined by netmask 28 has a larger address space than one defined by netmask 29.  That's because 2⁴ > 2³.  And that's how 28 is bigger than 29.
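As an added example (not the post's own calculator), here is the arithmetic from the last few sections in Python: it packs the four 8-bit chunks into one 32-bit integer, keeps the leading n bits as the network, and sizes the block as 2^(32-n).  It generalises to the full /0 through /32 range and applies the post's AWS figure of five reserved addresses; the names `parse_cidr`, `CidrBlock`, `aws_usable_hosts` and `larger_block` are mine.

```python
"""Added example: size an IPv4 CIDR block by hand, the way the post explains it."""
from dataclasses import dataclass

AWS_RESERVED_PER_SUBNET = 5  # the post's figure: AWS reserves five addresses per VPC subnet


@dataclass(frozen=True)
class CidrBlock:
    network: str          # first address of the block, dotted quad
    prefix: int           # the "/n": leading bits that identify the network
    host_bits: int        # 32 - n: bits left for hosts on that network
    total_addresses: int  # 2 ** host_bits
    last: str             # last address of the block


def _to_dotted(value: int) -> str:
    """Unpack a 32-bit integer back into four 8-bit chunks."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_cidr(text: str) -> CidrBlock:
    """Return the block described by e.g. '152.234.0.0/28'."""
    addr_text, _, prefix_text = text.partition("/")
    prefix = int(prefix_text)  # raises ValueError if the "/n" part is missing
    if not 0 <= prefix <= 32:  # /0 is the whole IPv4 space, /32 a single host
        raise ValueError(f"prefix must be between 0 and 32, got /{prefix}")
    octets = [int(o) for o in addr_text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr_text!r}")
    # Pack the four 8-bit chunks into one 32-bit integer.
    as_int = (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]
    host_bits = 32 - prefix
    # The netmask has the top `prefix` bits set; masking keeps only the network part,
    # so '152.234.0.7/29' still names the block that starts at 152.234.0.0.
    netmask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    network_int = as_int & netmask
    total = 1 << host_bits  # 2 ** host_bits addresses, e.g. 2 ** 4 = 16 for a /28
    last_int = network_int | (total - 1)
    return CidrBlock(network=_to_dotted(network_int), prefix=prefix, host_bits=host_bits,
                     total_addresses=total, last=_to_dotted(last_int))


def aws_usable_hosts(block: CidrBlock) -> int:
    """Addresses left after the five AWS reserves (16 - 5 = 11 for a /28)."""
    return max(block.total_addresses - AWS_RESERVED_PER_SUBNET, 0)


def larger_block(a: str, b: str) -> str:
    """Return whichever CIDR block has more addresses: the smaller /n wins."""
    return a if parse_cidr(a).total_addresses > parse_cidr(b).total_addresses else b
```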

 

Historical context

The relevant historical timeline is: classful network scheme and IPv4 (1981), CIDR (1993), IPv6 (1998).

[Figure: timeline of the classful network scheme and IPv4 (1981), CIDR (1993) and IPv6 (1998)]

CIDR is documented under RFC 1518 and RFC 1519.  One reason CIDR was introduced was because we were running out of IPv4 addresses too quickly, just as a phone company might start running out of phone numbers to give out.  In other words, CIDR (Classless Inter-Domain Routing) is a method for allocating IP addresses in a way that conserves them a little better than the classful A-through-E network architecture, because it allows you to create subnets that have a smaller number of IP addresses than you could with the more rigid classful network scheme.  IPv6 was ultimately introduced for the same reason of course—because we were assigning IP addresses at an unsustainable rate given the addressing scheme we were using.  CIDR can also be used with IPv6, albeit not exactly as flexibly as it can be with IPv4, so it won't go away just because IPv6 becomes standard.

 

Links to more

  • Whatever happened to IPv5? IPv4, as the name implies, is version 4 of the IP protocol; and IPv6 is version 6. But then, what happened to version 5?!